P.S. re: ldaps. To be useful in an email server context, the SSL has to be able to support not only the usual business of making sure the LDAP server uses a certificate signed by a CA approved by the Citadel server, but also the Citadel server being able to offer a certificate to authenticate itself to the LDAP server.

The reason is that an email server's security is a stand-in for every recipient of email on that server and every system allowed to send mail via that server. While uses where an individual is looking up something on an LDAP system for himself or herself can accept server authentication only, I think developers ought to give serious consideration to making Citadel servers using ldaps default to offering local certificates to the LDAP server, to authenticate the Citadel server to the LDAP server and not just the LDAP server to the Citadel server.

 

Harry
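The mutual-authentication default described in the message above, sketched as an added example (not Citadel code and not part of the original post): a Python LDAPS client context that verifies the LDAP server and refuses to start without its own certificate. The function names, the `ClientCertMissing` exception and the file-path parameters are hypothetical.

```python
import socket
import ssl


class ClientCertMissing(Exception):
    """Mutual TLS was expected but no client certificate/key is configured."""


def build_ldaps_context(ca_file=None, client_cert=None, client_key=None,
                        mutual=True):
    """Build a TLS context for an LDAPS (port 636) client.

    mutual=True is the default: the client must have its own certificate
    to offer, and the function fails closed if none is configured.
    """
    # Server authentication: verify the LDAP server's chain and hostname.
    # ca_file=None falls back to the system trust store.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2

    if mutual:
        if not (client_cert and client_key):
            raise ClientCertMissing(
                "mutual TLS requested but no client certificate/key configured")
        # Client authentication: this certificate is sent when the server
        # asks for one during the handshake.
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def open_ldaps(host, ctx, port=636, timeout=10):
    """Connect to the LDAP server and complete the TLS handshake."""
    raw = socket.create_connection((host, port), timeout=timeout)
    return ctx.wrap_socket(raw, server_hostname=host)
```

The client certificate only authenticates the mail server if the LDAP server requests and validates it; in OpenLDAP's slapd that is the `TLSVerifyClient demand` setting.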

 
